It is common for computer systems, including individual home and office computers, computer networks, and mobile devices such as smart phones, to implement a backup mechanism to allow the recovery of important files in the event that the original files are lost. In some cases, a file may be backed up by copying the original file to another memory location within a given terminal. In others, a file may be copied to another storage medium on the same network, or to a remote storage medium via the Internet or a Wide Area Network.
An example backup service that is currently available is F-Secure™ Online Backup available from F-Secure Corporation, Helsinki, Finland. This product installs and runs a backup application on a client computer which, by default, copies all files and associated data and transmits these over a secure Internet link to a remote storage location. In the event that a file is lost or found to be corrupted on the client computer, a user can recover a copy of the file from the remote storage location.
In order to avoid the need to repeatedly copy all files from a given client computer to a backup storage location, either within the same computer or at another device, a backup application will typically monitor the local or “primary” memory to detect when changes to previously backed-up files occur. For example, the application may look at a file system timestamp that is included with the stored file by a computer's operating system, and which is updated with the current time whenever the file is modified. Only when a change in a timestamp is detected will the backup application copy the modified file and use it to overwrite a previously backed-up copy of the file. Other approaches do not rely upon a changing timestamp, and will backup files if any change in the original copy of the file is detected.
A problem that many computer users will have experienced is that of a clean and intact backup copy of a file being over-written by a corrupted version of the file. The original backup copy of the file is of course lost, and when the user attempts to restore the backup copy, all that can be retrieved is the corrupted copy which is generally of no use. It has been suggested—see http://lists.samba.org/archive/rsync/2009-May/023265.html—that such over-writing of a clean and intact file with a corrupt file may be prevented by not backing-up the file if only a change in the file is detected whilst the timestamp does not change. This approach however cannot protect a system when a file is modified and validly re-saved with a new timestamp, but where the file is broken or maliciously altered.